问题
OK-- thanks to Mike, I was able to get Wincrypt to generate a Diffie-Hellman keypair. I figured out out to export the public key, and how to import the other party's public key. According to the docs, upon import of the other party's public key, the shared secret has been computed. Great.
I now need to get ahold of that shared secret, but I don't think its possible. Simply calling CryptExportKey with a type of PLAINTEXTKEYBLOB fails unless I call CryptSetKeyParam to change the algorithm id from CALG_AGREEDKEY_ANY to something... else. But I don't want something else, I want the shared secret. The API, however, seems designed to discourage this.
Any ideas out there? I should note that the problem here is that I'm only writing one side of an implementation of WiFi Protected Setup. So the protocol is defined for me, and the other party is not giving me HCRYPTKEYs.
回答1:
This looks like what you need... from: http://msdn.microsoft.com/en-us/library/aa381969(VS.85).aspx
To import a Diffie-Hellman public key and calculate the secret session key
- Call the
CryptAcquireContextfunction to get a handle to the Microsoft Diffie-Hellman Cryptographic Provider. - Create a Diffie-Hellman key by calling the
CryptGenKeyfunction to create a new key, or by calling theCryptGetUserKeyfunction to retrieve an existing key. - To import the Diffie-Hellman public key into the CSP, call the
CryptImportKeyfunction, passing a pointer to the public key BLOB in thepbDataparameter, the length of the BLOB in thedwDataLenparameter, and the handle to the Diffie-Hellman key in thehPubKeyparameter. This causes the calculation,(Y^X) mod P, to be performed, thus creating the shared, secret key and completing the key exchange. This function call returns a handle to the new, secret, session key in thehKeyparameter. - At this point, the imported Diffie-Hellman is of type
CALG_AGREEDKEY_ANY. Before the key can be used, it must be converted into a session key type. This is accomplished by calling theCryptSetKeyParamfunction withdwParamset toKP_ALGIDand withpbDataset to a pointer to aALG_IDvalue that represents a session key, such asCALG_RC4. The key must be converted before using the shared key in theCryptEncryptorCryptDecryptfunction. Calls made to either of these functions prior to converting the key type will fail. - The secret session key is now ready to be used for encryption or decryption.
- When the key is no longer needed, destroy the key handle by calling the
CryptDestroyKeyfunction.
来源:https://stackoverflow.com/questions/87694/im-using-wincrypt-for-diffie-hellman-can-i-export-the-shared-secret-in-plain